The PHP-Nuke EasyContent module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The risk is LOW. Expoiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mods please move if posted in wrong section, I wasnt sure where to ask this one.
There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp
several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability... (0 Replies)
Hi Guys,
I am using SOLARIS 10 and I want to install ZIP module for PHP.
I went to this link http://pecl.php.net/package/zip and I choose zip-1.12.3.tgz, the latest "stable" release, and then transferred it to my server.
Then I went to my path /usr/local/apache2/conf then untar the... (1 Reply)
Hi,
I have problem with parameter configuration.
My question is after the configuration, how to check if successfully change the value or not?
I saw someone has the same question, and followed his steps.
Original thread:... (3 Replies)
Ok..i've installed Apache 1.3.14, and it runs... BUT...I can't figure out how to get the php-4.0.4 module to run, and i've read through the install file and EVERYTYHING, aafter about 10 attempts I pissed myself off enough to goto sleep...Can anyone suggest a place to look for a lil bit more help?... (10 Replies)
OCI_PARSE(3)OCI_PARSE(3)oci_parse - Prepares an Oracle statement for executionSYNOPSIS
resource oci_parse (resource $connection, string $sql_text)
DESCRIPTION
Prepares $sql_text using $connection and returns the statement identifier, which can be used with oci_bind_by_name(3), oci_execute(3) and
other functions.
Statement identifiers can be freed with oci_free_statement(3) or by setting the variable to NULL.
PARAMETERS
o $connection
- An Oracle connection identifier, returned by oci_connect(3), oci_pconnect(3), or oci_new_connect(3).
o $sql_text
- The SQL or PL/SQL statement. SQL statements should not end with a semi-colon (";"). PL/SQL statements should end with a semi-
colon (";").
RETURN VALUES
Returns a statement handle on success, or FALSE on error.
EXAMPLES
Example #1
oci_parse(3) example for SQL statements
<?php
$conn = oci_connect('hr', 'welcome', 'localhost/XE');
// Parse the statement. Note there is no final semi-colon in the SQL statement
$stid = oci_parse($conn, 'SELECT * FROM employees');
oci_execute($stid);
echo "<table border='1'>
";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS)) {
echo "<tr>
";
foreach ($row as $item) {
echo " <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : " ") . "</td>
";
}
echo "</tr>
";
}
echo "</table>
";
?>
Example #2
oci_parse(3) example for PL/SQL statements
<?php
/*
Before running the PHP program, create a stored procedure in
SQL*Plus or SQL Developer:
CREATE OR REPLACE PROCEDURE myproc(p1 IN NUMBER, p2 OUT NUMBER) AS
BEGIN
p2 := p1 * 2;
END;
*/
$conn = oci_connect('hr', 'welcome', 'localhost/XE');
if (!$conn) {
$e = oci_error();
trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
$p1 = 8;
// When parsing PL/SQL programs, there should be a final semi-colon in the string
$stid = oci_parse($conn, 'begin myproc(:p1, :p2); end;');
oci_bind_by_name($stid, ':p1', $p1);
oci_bind_by_name($stid, ':p2', $p2, 40);
oci_execute($stid);
print "$p2
"; // prints 16
oci_free_statement($stid);
oci_close($conn);
?>
NOTES
Note
This function does not validate $sql_text. The only way to find out if $sql_text is a valid SQL or PL/SQL statement is to execute
it.
SEE ALSO oci_execute(3), oci_free_statement(3).
PHP Documentation Group OCI_PARSE(3)